README

What is this repository for?

Greybox Fuzzing as a Contextual Bandits Problem:
This repository contains the code to formulate energy prediction in greybox fuzzing as a contextual bandits problem. We select 128 bytes from the test case and treat them as the state. Given the input state, a neural network model predicts an action; the action space is the set of multipliers applied to the energy value that the test case receives. We then fuzz the test case with the modified energy value. This tool is an extension of American Fuzzy Lop (AFL).
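To make the loop above concrete, here is an added illustration of the scheduling idea (not code from this repository): a 128-byte state, a per-action reward model standing in for the neural network, epsilon-greedy choice of an energy multiplier, and an update from the observed reward. The multiplier values, the linear model, the reward (1 if fuzzing with that energy found a new path, else 0) and the simulated inputs are all assumptions for the example.

```python
import random

STATE_BYTES = 128  # the README: 128 bytes of each test case form the bandit state
MULTIPLIERS = [0.25, 0.5, 1.0, 2.0, 4.0]  # assumed action space; the README lists no values

def make_state(testcase):
    # first 128 bytes scaled to [0, 1], zero-padded if shorter, plus a bias input
    buf = testcase[:STATE_BYTES].ljust(STATE_BYTES, b"\0")
    return [b / 255.0 for b in buf] + [1.0]

class BanditEnergyScheduler:  # one linear reward model per action (stands in for the NN)
    def __init__(self, epsilon=0.1, lr=0.5, seed=0):
        self.w = [[0.0] * (STATE_BYTES + 1) for _ in MULTIPLIERS]
        self.epsilon, self.lr, self.rng = epsilon, lr, random.Random(seed)

    def predict(self, state):  # expected reward of every multiplier for this state
        return [sum(wi * si for wi, si in zip(wa, state)) for wa in self.w]

    def choose(self, state):  # epsilon-greedy: explore sometimes, otherwise exploit
        if self.rng.random() < self.epsilon:
            return self.rng.randrange(len(MULTIPLIERS))
        scores = self.predict(state)
        return max(range(len(scores)), key=scores.__getitem__)

    def update(self, state, action, reward):  # normalised LMS step, cannot diverge
        err = reward - self.predict(state)[action]
        step = self.lr * err / sum(s * s for s in state)
        self.w[action] = [wi + step * si for wi, si in zip(self.w[action], state)]
        return err

def scheduled_energy(base_energy, action):
    # AFL's own energy for the test case, scaled by the chosen multiplier (at least 1)
    return max(1, int(base_energy * MULTIPLIERS[action]))

def demo(rounds=200, seed=0):
    # constructed simulation: the "hot" input pays off with high energy, "cold" with low
    cases = {"hot": bytes(0xF0 + i % 16 for i in range(128)), "cold": bytes(range(32))}
    best = {"hot": len(MULTIPLIERS) - 1, "cold": 0}  # constructed ground truth
    reward = lambda name, a: 1.0 if a == best[name] else 0.0  # 1 = "found a new path"
    sched, rng = BanditEnergyScheduler(seed=seed), random.Random(seed + 1)
    for name in cases:  # warm-up: try every multiplier once on each input
        for a in range(len(MULTIPLIERS)):
            sched.update(make_state(cases[name]), a, reward(name, a))
    for _ in range(rounds):  # online loop: pick energy, fuzz, observe reward, learn
        name = rng.choice(list(cases))
        state = make_state(cases[name])
        a = sched.choose(state)
        sched.update(state, a, reward(name, a))
    sched.epsilon = 0.0  # report the greedy policy that was learned
    return {name: sched.choose(make_state(tc)) for name, tc in cases.items()}
```

Running demo() shows the scheduler learning to hand the "hot" input the largest multiplier and the "cold" input the smallest; in the real tool the reward would come from AFL's coverage feedback rather than a constructed table.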

How do I get set up?

Follow the instructions given below. A concrete example of fuzzing the nm-new binary from binutils is provided at the end.
1) Install TensorFlow CPU
2) Clone this repository and change your current working directory to this directory.
3) Compile the source code:

make clean all

4) Now compile the target program (e.g. binutils) with afl-gcc, e.g.:

CC=<path-to-bandit_afl-repository>/afl-gcc ./configure --disable-shared
make clean all

5) Create an input directory containing some seed inputs, and two output directories, one for saving the training results and the other for saving the test results.
Start the training:

8) We use the seed provided by AFL as the input seed for this experiment.

# copy the seed provided by AFL to our input directory
cp <path-to-bandit_afl-repository>/testcases/others/elf/small_exec.elf ./afl_in

9) Change your current working directory back to bandit_afl.
10) Start training: here we train our model for 0.5 hours and use nm-new (with the -C option) as the target binary to fuzz. You can change the training time and target binary as you wish.

NOTE: If you get any warnings related to core_patterns or the CPU scaling governor, follow the instructions provided by AFL.
11) Once the training is finished, start testing: here we test for 4 hours. You can change the test time as you wish.